
<?php

	require_once('config.php');
	
	echo '<html>
	<head>
	<link rel = "stylesheet" type="text/css" href="./style.css" >
	<title>Exeyous Hotel</title>
	</head>
	<body><div class="main"><img src="images/title.png">';
	if(array_key_exists('err', $_REQUEST)) echo "<h3><font color='red'>" . $_REQUEST['err'] . "</font></h3>";
	if(array_key_exists('register', $_REQUEST) && !array_key_exists('username', $_REQUEST)) { 
		echo '
		<form action="index.php" method="POST">
			<h4>Registration</h4>
			<input type="hidden" name="register" value="true">
			Username: <input type="text" name="username"><br>
			Password: <input type="password" name="password"><br>
			Password (Confirm): <input type="password" name="password2"><br>
			Email: <input type="text" name="email"><br>
			<script type="text/javascript"
				src="http://www.google.com/recaptcha/api/challenge?k=6Lf9LcYSAAAAAOR3Lh_F58yEE5uLkRcr8dJnt2hy">
			</script>
			<noscript>
				<iframe src="http://www.google.com/recaptcha/api/noscript?k=6Lf9LcYSAAAAAOR3Lh_F58yEE5uLkRcr8dJnt2hy
				height="300" width="500" frameborder="0"></iframe><br>
				<textarea name="recaptcha_challenge_field" rows="3" cols="40">
				</textarea>
				<input type="hidden" name="recaptcha_response_field"
				value="manual_challenge">
			</noscript>
			<input type="submit" name="submit" value="Submit">
		</form>';
	} else if (array_key_exists('register', $_REQUEST) && array_key_exists('username', $_REQUEST)) {
		$username = $_REQUEST['username'];
		$password = $_REQUEST['password'];
		$password2 = $_REQUEST['password2'];
		$email = $_REQUEST['email'];
		$recap_s = $_REQUEST['recaptcha_challenge_field'];
		$recap_c = $_REQUEST['recaptcha_response_field'];
		$ip = $_SERVER['REMOTE_ADDR'];
		
		if($username == null) { error_redirect("Please enter a username", true); }
		if($password == null && $password2 == null) { error_redirect("Please enter both password fields", true); }
		if(!valid("username", $username)) error_redirect("Invalid username. Only Characters A - Z, a - z, . - # $ and Numbers are allowed", true);
		if(!valid("password", $password)) error_redirect("Invalid password. Only letters and numbers are allowed", true);
		if($password != $password2) { error_redirect("Password do not match", true); }
		
		$tosend = array( 'privatekey'	=> "6Lf9LcYSAAAAAMIF76KJX3zHHBSs-pnTO4j3R1NG",
						 'remoteip'		=> $ip,
						 'challenge'	=> $recap_s,
						 'response' 	=> $recap_c );
		
		$ch = curl_init("http://www.google.com/recaptcha/api/verify");
		curl_setopt($ch, CURLOPT_POST, 1);
		curl_setopt($ch, CURLOPT_POSTFIELDS, $tosend);
		curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
		$response = curl_exec($ch);
		curl_close($ch);
		
		$password = md5(sha1($password));
		
		$capres = explode($response, "\n");
		if($capres[0]) {
			if(mysql_num_rows(mysql_query("SELECT * FROM users WHERE username='$username'")) == 0) {
				mysql_query("INSERT INTO users (username, password, mail, credits, ip_last, ip_reg)
										VALUES ('$username', '$password', '$email', '250', '$ip', '$ip')");
										error_redirect("Registration Complete");
			} else {
				error_redirect("Username taken", true);
			}
		} else {
			error_redirect("Incorrect captcha", true);
		}

	} else if(array_key_exists('username', $_REQUEST)) {
		$username = $_REQUEST['username'];
		$password = $_REQUEST['password'];
		$password = md5(sha1($password));
		if(($username == null || $password == null) || (!valid("username", $username) || !valid("password", $password))) error_redirect("Invalid username or password entered");
		if(mysql_num_rows(mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'")) == 0) error_redirect("Incorrect username of password");
		else {
			$_SESSION['username'] = $username;
			$_SESSION['careful'] = sha1(sha1($username));
			echo '<meta http-equiv="refresh" content="0;url=client.php">';
		}
	} else {
		echo '
		<h4>Login</h4>
			<form action = "index.php" method="POST">
				Username: <input type="text" class="tb11" name="username" value="Username"><br>
				Password: <input type="password" class="tb12" name="password" value="Password"><br>
				<input type="submit" value="Submit"><br><br>
				<a href="index.php?register=true">Register</a>
			</form>
		';
	}
	echo "</div></center></body></html>";

?>